{"id":8004,"date":"2026-04-28T15:53:27","date_gmt":"2026-04-28T15:53:27","guid":{"rendered":"https:\/\/locaterisk.com\/?p=8004"},"modified":"2026-04-28T18:21:20","modified_gmt":"2026-04-28T18:21:20","slug":"bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2","status":"publish","type":"post","link":"https:\/\/locaterisk.com\/en\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/","title":{"rendered":"BSI C3A: Cloud sovereignty &amp; operational independence"},"content":{"rendered":"<div class=\"wp-block-lr-blog-article-header-module\">\r\n    <div class=\"content\">\r\n\t\t<div class=\"headline\">\r\n\t\t\t<button class=\"to-blog-button\">Back to Blog                <a href=\"https:\/\/locaterisk.com\/en\/blog\/\"><\/a>\r\n\t\t\t<\/button>\r\n\t\t\t\t\t<\/div>\r\n        <div class=\"main-content\">\r\n\t\t\t\t\t\t<!--\r\n            <div class=\"header\">\r\n                <h6> <\/h6>\r\n            <\/div>\r\n\t\t\t\t\t\t-->\r\n            <h1 class=\"title\">C3A: What the new BSI criteria mean for CISOs<\/h1>\r\n            <p class=\"paragraph\"><br><br>For a long time, \u201edigital sovereignty\u201c was a rather abstract term in strategic papers - a target value without a clear metric. However, with the publication of the <strong>Criteria enabling Cloud Computing Autonomy (C3A)<\/strong> The Federal Office for Information Security (BSI) is changing the rules of the game. For CISOs and IT managers, this means that sovereignty is moving from the philosophical corner directly into operational risk management and compliance auditing. For organizations under NIS 2 regulation, the C3As provide a methodical basis for systematically identifying and evaluating dependencies in the supply chain.<\/p>\r\n        <\/div>\r\n    <\/div>\r\n<\/div>\r\n\r\n\r\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"533\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/04\/LocateRisk-S.png\" alt=\"\" class=\"wp-image-8017\" style=\"object-fit:cover;width:856px;height:auto\" srcset=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/04\/LocateRisk-S.png 800w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/04\/LocateRisk-S-300x200.png 300w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/04\/LocateRisk-S-768x512.png 768w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/04\/LocateRisk-S-18x12.png 18w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption class=\"wp-element-caption\"><br>With the finalization of the <strong>Criteria enabling Cloud Computing Autonomy (C3A)<\/strong> by the BSI brings the operational independence of cloud services into the focus of risk management.&nbsp;<\/figcaption><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>From the leap of faith to technical validation<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>C3A: Why digital sovereignty is becoming a measurable metric in risk management<\/strong><\/h3>\n\n\n\n<p>The previous basis for cloud security was the C5 test standard. It provides an excellent foundation for information security, but largely ignores the issue of dependencies and legal access options. This is precisely where the C3As come in. They define sovereignty not as a binary state, but as a spectrum in six dimensions: from strategic sovereignty to data sovereignty and operational autonomy.<\/p>\n\n\n\n<p>Particularly in the context of the <strong>NIS-2 regulation<\/strong> the criteria become more important. According to <strong>Article 21 NIS-2<\/strong> companies are obliged to ensure the security of their supply chains. Anyone using cloud services must now demonstrate how they assess their dependence on non-European jurisdictions and the associated risks (keyword: US Cloud Act).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>The six dimensions of cloud sovereignty<\/strong><\/h3>\n\n\n\n<p>The BSI divides sovereignty into:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Strategic sovereignty:<\/strong> Long-term ability to act and avoid lock-in effects.<\/li>\n\n\n\n<li><strong>Legal sovereignty:<\/strong> Protection against unauthorized access from third countries (e.g. US Cloud Act).<\/li>\n\n\n\n<li><strong>Data sovereignty:<\/strong> Control over the entire life cycle of the data.<\/li>\n\n\n\n<li><strong>Operational sovereignty:<\/strong> Ensuring operational and administrative sovereignty.<\/li>\n\n\n\n<li><strong>Supply chain sovereignty:<\/strong> Transparency about sub-service providers and components.<\/li>\n\n\n\n<li><strong>Technological sovereignty:<\/strong> Availability of alternatives and interoperability.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><strong>Personnel requirements according to SOV-4-01-C2<\/strong><\/strong><\/h3>\n\n\n\n<p>One criterion of the operational dimension concerns access to the cloud infrastructure. The requirements level <strong>SOV-4-01-C2<\/strong> stipulates that all employees of the cloud service provider who have logical or physical access to the resources must comply with the <strong>Citizenship of an EU member state<\/strong> own and their <strong>Residence within the Federal Republic of Germany<\/strong> must have. This regulation aims to ensure maximum legal accessibility and operational control by national security authorities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>The \u201edisconnect\u201c criterion and the annual inspection obligation<\/strong><\/h3>\n\n\n\n<p>The criterion <strong>SOV-4-09-C<\/strong> requires that a cloud service must retain its integrity and availability even if the connection to non-European instances is interrupted. Companies that claim this level of sovereignty are subject to a <strong>annual inspection obligation<\/strong>. It must be technically proven that the local instance remains capable of working autonomously. This is a relevant factor for increasing resilience, particularly for KRITIS sectors.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><strong>Regulatory classification: Framework for action instead of law<\/strong><\/strong><\/h3>\n\n\n\n<p>The decisive factor for the risk assessment is which legal obligation applies:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>MST-NCD:<\/strong> The minimum standard for the use of external cloud services is in accordance with Section 44 BSIG for the <strong>Federal Administration<\/strong> binding.<\/li>\n\n\n\n<li><strong>C3A:<\/strong> For private sector companies, including KRITIS and NIS-2 regulated entities, the C3As act as a <strong>Non-legally binding orientation framework<\/strong>. However, they can be used as a list of requirements in tenders or to fulfill due diligence obligations in risk management.<br><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong><strong>Implementation by EASM and VRM<\/strong><\/strong><\/h3>\n\n\n\n<p>The technical validation of these criteria is carried out using a combination of External Attack Surface Management (EASM) and Vendor Risk Management (VRM)<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Asset geolocalization:<\/strong> EASM analyses detect infrastructure components in jurisdictions that contradict the sovereignty objectives (e.g. shadow IT in third countries).<\/li>\n\n\n\n<li><strong>Supply chain monitoring:<\/strong> VRM workflows automate the querying of the six C3A dimensions with service providers. This enables continuous monitoring of the sovereignty parameters over the entire life cycle of the business relationship.<br><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Protective measures and recommendations for action<\/h3>\n\n\n\n<p>In order to meet the BSI criteria and the requirements of the NIS2 directive, companies should prioritize the following measures:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Systematically evaluate and document cloud providers according to the BSI criteria for sovereignty<\/li>\n\n\n\n<li>Design contracts with cloud service providers in such a way that data sovereignty and auditability are guaranteed<\/li>\n\n\n\n<li>Consistently implement technical measures such as encryption and access controls<\/li>\n\n\n\n<li>Continuously monitor and document asset inventory and data flows<\/li>\n\n\n\n<li>Conduct regular audits to demonstrate compliance with BSI criteria and NIS2 requirements<\/li>\n\n\n\n<li>Establish processes to ensure control over data and systems when changing providers<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>C3A<\/strong>-<strong>Evaluate and prove compliance<\/strong><\/h3>\n\n\n\n<p>LocateRisk supports companies in assessing the sovereignty of their cloud services and efficiently managing regulatory evidence. The platform makes it possible to continuously monitor cloud providers and suppliers and identify relevant risks at an early stage. Data flows and system landscapes can be transparently mapped via the asset inventory, which is required for audits and compliance checks in accordance with NIS2. More about the methodology at <a href=\"https:\/\/locaterisk.com\/en\/landing\/vendor-risk-management-leicht-gemacht\/\" target=\"_blank\" rel=\"noreferrer noopener\">Vendor Risk Management<\/a><br>Check whether your external assets and suppliers meet the current technical BSI and NIS2 requirements: <a href=\"https:\/\/locaterisk.com\/en\/demo\/\" target=\"_blank\" rel=\"noreferrer noopener\"> Free analysis<\/a><a href=\"https:\/\/locaterisk.com\/en\/demo\/\">start<\/a><\/p>\n\n\n\n<p><br><br>Sources and further information<br><strong>BSI:<\/strong> <a href=\"https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/CloudComputing\/C3A_Cloud_Computing_Autonomy.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Criteria enabling Cloud Computing Autonomy (C3A)<\/a> - Official PDF document of the BSI.<\/p>\n\n\n\n<p><strong>BSI:<\/strong> <a href=\"https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Mindeststandards\/Mindeststandard_Nutzung_externer_Cloud-Dienste_Version_2_1.pdf?__blob=publicationFile&amp;v=4\" target=\"_blank\" rel=\"noreferrer noopener\">Minimum standard for the use of external cloud services (MST-NCD)<\/a> - Scope and requirements for the Federal Administration.<\/p>\n\n\n\n<p><strong>Heise Online:<\/strong> <a href=\"https:\/\/www.heise.de\/news\/BSI-definiert-wann-eine-Cloud-wirklich-souveraen-ist-11272737.html\" target=\"_blank\" rel=\"noreferrer noopener\">BSI defines criteria for cloud sovereignty<\/a> - Technical report on the publication of the C3A.<\/p>\n\n\n\n<p><strong>LocateRisk:<\/strong> <a href=\"https:\/\/locaterisk.com\/en\/landing\/vendor-risk-management-leicht-gemacht\/\" target=\"_blank\" rel=\"noreferrer noopener\">Focus on vendor risk management<\/a> - Strategies for automated supply chain assessment.<\/p>\n\n\n\n<div class=\"wp-block-lr-faq-module\"><div class=\"content\"><h3><strong>Technical FAQ: Operational independence in cloud security management<\/strong><\/h3><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Why are the previous C5 test certificates no longer sufficient for the new cloud sovereignty?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">The C5 standard is an excellent tool for testing information security, but it primarily addresses the protection goals of confidentiality and integrity. The C3As go a decisive step further: they assess dependency. While C5 confirms that the front door is locked, the C3As check who has the second key and whether the landlord can unilaterally block access. For companies, this means moving from a pure security check to an assessment of operational autonomy and legal accessibility.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>What role does the personnel requirement (SOV-4-01-C2) play in practice?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">The BSI requires personnel with a permanent residence in Germany for the highest level. Simple \u201ehosting in Germany\u201c loses its value if administrative support is provided from jurisdictions that are subject to the US Cloud Act. Although the data is stored locally, control over it is transferred abroad via management interfaces. CISOs must demand technical validation here instead of relying on blanket provider assurances.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong><strong><strong>How does External Attack Surface Management (EASM) support compliance with the C3A?<\/strong><\/strong><\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">EASM serves as a technical corrective. By identifying all systems connected to the internet and geolocating them, deviations from the sovereignty strategy can be identified immediately. If cloud instances or communication endpoints suddenly appear in regions that do not correspond to the agreed geofencing, this becomes immediately visible. It transforms sovereignty from a static clause in the service contract into a continuously monitorable process.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong><strong>What is behind the \u201emapping gap\u201c and why is it dangerous for cloud autonomy?<\/strong><\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\"><br>Conventional vulnerability scanners often wait weeks for data to be enriched by the NVD (National Vulnerability Database). During this time, the cloud infrastructure is unprotected. Our <strong>Preemptive Intelligence<\/strong> closes this period by identifying critical vulnerabilities from the day of publication. This is essential for cloud autonomy: only those who know their vulnerabilities faster than the attacker can retain operational control over their systems and prevent loss of control through external infiltration.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong><strong>How can the C3A requirements be efficiently integrated into vendor risk management (VRM)?<\/strong><\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\"><br>Manually checking providers using static questionnaires is no longer a reliable process given the complexity of modern cloud architectures. An automated VRM makes it possible to continuously monitor the six dimensions of C3A. Instead of asking for a \u201egut feeling\u201c once a year, LocateRisk provides data-based evidence of the security status and locations of the service providers. This is particularly important for compliance with the <strong>NIS-2 due diligence obligations<\/strong> in the supply chain is the only way to effectively minimize liability risks for management.<\/p><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-lr-contact-post-module\">\n\t<div id=\"lr-contact-form\" class=\"wp-block-lr-contact-post-module\">\n\t\t<div id=\"formular\" class=\"content\">\n\t\t\t<div class=\"inner-content\">\n\t\t\t\t<div class=\"column-2 feature-mode\">\n\t\t\t\t\t<h2><br>Request your personal Live-Demo now<\/h2>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<p class=\"margin-b-36\">Identify and reduce your cyber risks through a comparable and understandable overview of your IT security. Let our experts advise you and find out how LocateRisk can help you solve your cyber risks.<\/p>\n\t\t\t\t\t\t\t<\/div>\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div> \n\t\t\t\t<div class=\"column-2\">\n\t\t\t\t\t<form action=\"\" class=\"form\" method=\"post\" role=\"form\" novalidate data-trp-original-action=\"\">\n\t\t\t\t\t\t<input type=\"text\" id=\"successmessage\" name=\"successmessage\" value=\"Ihre Registrierung war erfolgreich Ihre Anfrage wurde erfolgreich versendet. Wir haben Ihnen soeben eine Best\u00e4tigungsmail mit einem Aktivierungs-Link zugesendet, um einem Missbrauch Ihrer E-Mail Adresse durch Dritte vorzubeugen. Die Mail wird von sales@locaterisk.com versendet und sollte sich i n wenigen Minuten in Ihrem Posteingang finden.\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"errormessage\" name=\"errormessage\" value=\"Da ist wohl etwas schief gelaufen. Bitte probieren Sie es erneut oder nehmen Sie direkt mit uns Kontakt auf\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"slug\" name=\"slug\" value=\"bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\" hidden>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"name\"\n\t\t\t\t\t\t\t\tname=\"name\"\n\t\t\t\t\t\t\t\tplaceholder=\"first name\"\n\t\t\t\t\t\t\t\trequired\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"surname\"\n\t\t\t\t\t\t\t\tname=\"surname\"\n\t\t\t\t\t\t\t\tplaceholder=\"last name\"\n\t\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"email\"\n\t\t\t\t\t\t\tid=\"email\"\n\t\t\t\t\t\t\tname=\"email\"\n\t\t\t\t\t\t\tplaceholder=\"Email\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\tid=\"phone\"\n\t\t\t\t\t\t\tname=\"phone\"\n\t\t\t\t\t\t\tplaceholder=\"phone\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t<h6 class=\"error-message\" hidden>...<\/h6>\n\t\t\t\t\t\t<div class=\"checkbox_container\">\n\t\t\t\t\t\t\t<div class=\"checkbox\">\n\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\t\ttype=\"checkbox\"\n\t\t\t\t\t\t\t\t\tid=\"checkbox\"\n\t\t\t\t\t\t\t\t\tname=\"checkbox\" \/>\n\n\t\t\t\t\t\t\t\t<label for=\"checkbox\"><\/label>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<p class=\"translation-block\">I agree with the <a href=\"https:\/\/locaterisk.com\/en\/datenschutz\/\" target=\"_self\">privacy policy<\/a>.<\/p> \n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\n\t\t\t\t\t<div class=\"g-recaptcha\" data-sitekey=\"6LdErNoZAAAAAD1Re2jNxtDFfcDaL9iED5MRBzjR\" data-callback=\"verifyRecaptchaCallback\" data-expired-callback=\"expiredRecaptchaCallback\"><\/div>\n\t\t\t\t\t<input type=\"hidden\" name=\"g-recaptcha-response\" data-recaptcha \/>\n\n\t\t\t\t\t\t<button class=\"lr-button-link\" type=\"submit\"> Request a Demo<\/button>\n\t\t\t\t\t<input type=\"hidden\" name=\"trp-form-language\" value=\"en\"\/><\/form>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\t\n\t<\/div>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<div class=\"wp-block-lr-contact-module\"><div class=\"content\"><h2>Want to find out more, book a demo or simply exchange ideas? We look forward to hearing from you!<\/h2><div class=\"contact-info-row\"><div class=\"contact-person-info\"><div class=\"avatar\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/06\/Lukas_Baumann_LocateRisk-300.png\"><\/div><p><span class=\"text before\">Your personal consultant<\/span><span class=\"bold name\"><strong>Lukas<\/strong><\/span> <span class=\"lastname\"><strong>Baumann<strong><\/strong><\/strong><\/span><strong><strong><span class=\"separator\"><\/span><span class=\"role\">CEO<\/span><\/strong><\/strong><\/p><\/div><p class=\"bold phone\"><strong><strong>+49 6151 6290246<\/strong><\/strong><\/p><strong><strong><a class=\"pr-1\" href=\"mailto: sales@locaterisk.com\">Get in Touch Now<\/a><\/strong><\/strong><\/div><\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-lr-footer-module lr-footer-block\"><div class=\"content\"><div class=\"column0\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/assets\/img\/lr-logo.svg\"\/><\/div><div class=\"categories\"><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/locaterisk.com\/en\/\">Home<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/blog\/\">Blog<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/about\/\">About Us<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/kontakt\/\">Contact<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/impressum\/\">Legal Notice<\/a><\/div><div class=\"categories-break\"><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/datenschutz\/\">Privacy<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/files\/gtc.pdf\">General Terms and Conditions<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/jobs\/\">Jobs<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/files\/sec-information.pdf\">Security<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/app.secfix.com\/trust\/locaterisk\/d1e7d433b33643aea1880bfbfeab9f60\">Trust Center<\/a><\/div><\/div><div class=\"social\"><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.linkedin.com\/company\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/10\/gruppe-230@3x.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.instagram.com\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Instagram.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/twitter.com\/locaterisk\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/twitter.png\"\/><\/a><\/div><\/div><div class=\"description\"><h6>\u00a9 LocateRisk 2026<\/h6><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>The BSI has presented a list of criteria that defines when a cloud service is considered sovereign. The focus is on data control options, transparency of the service provider and the ability to comply with regulatory requirements. <\/p>","protected":false},"author":8,"featured_media":8017,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[104,94,105,92,107,93,106,109,108],"class_list":["post-8004","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogpost","tag-bsi-c3a-criteria-enabling-cloud-computing-autonomy","tag-cyber-vendor-risk-management","tag-digitale-souveraenitaet","tag-easm","tag-external-attack-surface-management-easm","tag-locaterisk","tag-nis-2-richtlinie","tag-us-cloud-act","tag-vendor-risk-management-vrm"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>BSI C3A: Cloud-Souver\u00e4nit\u00e4t &amp; operative Unabh\u00e4ngigkeit - LocateRisk<\/title>\n<meta name=\"description\" content=\"BSI C3A im Check: Erfahren Sie, wie Sie digitale Souver\u00e4nit\u00e4t &amp; NIS-2-Compliance durch EASM und VRM nachweisen. Jetzt operative Unabh\u00e4ngigkeit pr\u00fcfen!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/locaterisk.com\/en\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BSI C3A: Cloud-Souver\u00e4nit\u00e4t &amp; operative Unabh\u00e4ngigkeit - LocateRisk\" \/>\n<meta property=\"og:description\" content=\"BSI C3A im Check: Erfahren Sie, wie Sie digitale Souver\u00e4nit\u00e4t &amp; NIS-2-Compliance durch EASM und VRM nachweisen. Jetzt operative Unabh\u00e4ngigkeit pr\u00fcfen!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/locaterisk.com\/en\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/\" \/>\n<meta property=\"og:site_name\" content=\"LocateRisk\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-28T15:53:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-28T18:21:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/04\/LocateRisk-S.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"533\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kristina Breuer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kristina Breuer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\\\/\"},\"author\":{\"name\":\"Kristina Breuer\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/21e5a12d84c0f342634386c0ab61710d\"},\"headline\":\"BSI C3A: Cloud-Souver\u00e4nit\u00e4t &amp; operative Unabh\u00e4ngigkeit\",\"datePublished\":\"2026-04-28T15:53:27+00:00\",\"dateModified\":\"2026-04-28T18:21:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\\\/\"},\"wordCount\":1451,\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/LocateRisk-S.png\",\"keywords\":[\"BSI C3A (Criteria enabling Cloud Computing Autonomy)\",\"Cyber Vendor Risk Management\",\"Digitale Souver\u00e4nit\u00e4t\",\"EASM\",\"External Attack Surface Management (EASM)\",\"LocateRisk\",\"NIS-2-Richtlinie\",\"US Cloud Act\",\"Vendor Risk Management (VRM)\"],\"articleSection\":[\"Blog post\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\\\/\",\"name\":\"BSI C3A: Cloud-Souver\u00e4nit\u00e4t &amp; operative Unabh\u00e4ngigkeit - LocateRisk\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/LocateRisk-S.png\",\"datePublished\":\"2026-04-28T15:53:27+00:00\",\"dateModified\":\"2026-04-28T18:21:20+00:00\",\"description\":\"BSI C3A im Check: Erfahren Sie, wie Sie digitale Souver\u00e4nit\u00e4t & NIS-2-Compliance durch EASM und VRM nachweisen. Jetzt operative Unabh\u00e4ngigkeit pr\u00fcfen!\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/locaterisk.com\\\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/LocateRisk-S.png\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/LocateRisk-S.png\",\"width\":800,\"height\":533,\"caption\":\"Die C3A des BSI bieten ein robustes Ger\u00fcst f\u00fcr digitale Souver\u00e4nit\u00e4t. Die Umsetzung erfordert jedoch den \u00dcbergang von manuellen Stichproben hin zu einer kontinuierlichen, automatisierten \u00dcberwachung der Angriffsfl\u00e4che, um dem Zeitvorteil potenzieller Angreifer wirksam zu begegnen.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/locaterisk.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"BSI C3A: Cloud-Souver\u00e4nit\u00e4t &amp; operative Unabh\u00e4ngigkeit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"name\":\"LocateRisk\",\"description\":\"IT-Sicherheit messen und vergleichen\",\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\",\"name\":\"LocateRisk\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"LocateRisk\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/locaterisk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/21e5a12d84c0f342634386c0ab61710d\",\"name\":\"Kristina Breuer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7a648236f7b10a01aa9df8b4eb163c9868927150ca83c0f6462b6151fbbe1fe5?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7a648236f7b10a01aa9df8b4eb163c9868927150ca83c0f6462b6151fbbe1fe5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7a648236f7b10a01aa9df8b4eb163c9868927150ca83c0f6462b6151fbbe1fe5?s=96&d=mm&r=g\",\"caption\":\"Kristina Breuer\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"BSI C3A: Cloud-Souver\u00e4nit\u00e4t &amp; operative Unabh\u00e4ngigkeit - LocateRisk","description":"BSI C3A im Check: Erfahren Sie, wie Sie digitale Souver\u00e4nit\u00e4t & NIS-2-Compliance durch EASM und VRM nachweisen. Jetzt operative Unabh\u00e4ngigkeit pr\u00fcfen!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/locaterisk.com\/en\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/","og_locale":"en_US","og_type":"article","og_title":"BSI C3A: Cloud-Souver\u00e4nit\u00e4t &amp; operative Unabh\u00e4ngigkeit - LocateRisk","og_description":"BSI C3A im Check: Erfahren Sie, wie Sie digitale Souver\u00e4nit\u00e4t & NIS-2-Compliance durch EASM und VRM nachweisen. Jetzt operative Unabh\u00e4ngigkeit pr\u00fcfen!","og_url":"https:\/\/locaterisk.com\/en\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/","og_site_name":"LocateRisk","article_published_time":"2026-04-28T15:53:27+00:00","article_modified_time":"2026-04-28T18:21:20+00:00","og_image":[{"width":800,"height":533,"url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/04\/LocateRisk-S.png","type":"image\/png"}],"author":"Kristina Breuer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kristina Breuer","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/locaterisk.com\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/#article","isPartOf":{"@id":"https:\/\/locaterisk.com\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/"},"author":{"name":"Kristina Breuer","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/21e5a12d84c0f342634386c0ab61710d"},"headline":"BSI C3A: Cloud-Souver\u00e4nit\u00e4t &amp; operative Unabh\u00e4ngigkeit","datePublished":"2026-04-28T15:53:27+00:00","dateModified":"2026-04-28T18:21:20+00:00","mainEntityOfPage":{"@id":"https:\/\/locaterisk.com\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/"},"wordCount":1451,"publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"image":{"@id":"https:\/\/locaterisk.com\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/04\/LocateRisk-S.png","keywords":["BSI C3A (Criteria enabling Cloud Computing Autonomy)","Cyber Vendor Risk Management","Digitale Souver\u00e4nit\u00e4t","EASM","External Attack Surface Management (EASM)","LocateRisk","NIS-2-Richtlinie","US Cloud Act","Vendor Risk Management (VRM)"],"articleSection":["Blog post"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/locaterisk.com\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/","url":"https:\/\/locaterisk.com\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/","name":"BSI C3A: Cloud-Souver\u00e4nit\u00e4t &amp; operative Unabh\u00e4ngigkeit - LocateRisk","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/locaterisk.com\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/#primaryimage"},"image":{"@id":"https:\/\/locaterisk.com\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/04\/LocateRisk-S.png","datePublished":"2026-04-28T15:53:27+00:00","dateModified":"2026-04-28T18:21:20+00:00","description":"BSI C3A im Check: Erfahren Sie, wie Sie digitale Souver\u00e4nit\u00e4t & NIS-2-Compliance durch EASM und VRM nachweisen. Jetzt operative Unabh\u00e4ngigkeit pr\u00fcfen!","breadcrumb":{"@id":"https:\/\/locaterisk.com\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/locaterisk.com\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/locaterisk.com\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/#primaryimage","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/04\/LocateRisk-S.png","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/04\/LocateRisk-S.png","width":800,"height":533,"caption":"Die C3A des BSI bieten ein robustes Ger\u00fcst f\u00fcr digitale Souver\u00e4nit\u00e4t. Die Umsetzung erfordert jedoch den \u00dcbergang von manuellen Stichproben hin zu einer kontinuierlichen, automatisierten \u00dcberwachung der Angriffsfl\u00e4che, um dem Zeitvorteil potenzieller Angreifer wirksam zu begegnen."},{"@type":"BreadcrumbList","@id":"https:\/\/locaterisk.com\/bsi-c3a-cloud-souveraenitaet-operative-unabhaengigkeit-nis2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/locaterisk.com\/"},{"@type":"ListItem","position":2,"name":"BSI C3A: Cloud-Souver\u00e4nit\u00e4t &amp; operative Unabh\u00e4ngigkeit"}]},{"@type":"WebSite","@id":"https:\/\/locaterisk.com\/de\/#website","url":"https:\/\/locaterisk.com\/de\/","name":"LocateRisk","description":"Measure and compare IT security","publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/locaterisk.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/locaterisk.com\/de\/#organization","name":"LocateRisk","url":"https:\/\/locaterisk.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","width":1920,"height":1080,"caption":"LocateRisk"},"image":{"@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/locaterisk\/"]},{"@type":"Person","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/21e5a12d84c0f342634386c0ab61710d","name":"Kristina Breuer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7a648236f7b10a01aa9df8b4eb163c9868927150ca83c0f6462b6151fbbe1fe5?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7a648236f7b10a01aa9df8b4eb163c9868927150ca83c0f6462b6151fbbe1fe5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7a648236f7b10a01aa9df8b4eb163c9868927150ca83c0f6462b6151fbbe1fe5?s=96&d=mm&r=g","caption":"Kristina Breuer"}}]}},"_links":{"self":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/8004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/comments?post=8004"}],"version-history":[{"count":44,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/8004\/revisions"}],"predecessor-version":[{"id":8057,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/8004\/revisions\/8057"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/media\/8017"}],"wp:attachment":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/media?parent=8004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/categories?post=8004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/tags?post=8004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}